
Republic of the Philippines

NUEVA VIZCAYA STATE UNIVERSITY


Bambang, Nueva Vizcaya
INSTRUCTIONAL MODULE

COLLEGE: INDUSTRIAL TECHNOLOGY
CAMPUS: Bambang Campus
DEGREE PROGRAM: Bachelor of Science in INTE
SPECIALIZATION: Network Management System
COURSE NO.: ITPEC2
COURSE TITLE: Network Design and Management
YEAR LEVEL: 3
TIME FRAME:
WK NO.:
IM NO.:

I. UNIT TITLE
Designing a Network Topology

II. LESSON TITLE

1. Hierarchical design
2. Flat design vs. hierarchical design
3. Mesh vs. hierarchical-mesh
4. Redundant design
5. Modular design
6. Campus network and spanning tree
7. Virtual LANs

III. LESSON OVERVIEW

In this chapter, you will learn techniques for developing a network topology.
A topology is a map of an internetwork that indicates network segments,
interconnection points, and user communities. Although geographical sites can
appear on the map, the purpose of the map is to show the geometry of the network,
not the physical geography or technical implementation. The map is a high-level
blueprint of the network, analogous to an architectural drawing that shows the
location and size of rooms for a building, but not the construction materials for
fabricating the rooms.

IV. LESSON

A TOPOLOGY is a map of a network that shows its segments, its interconnection points, and its
user communities.

HIERARCHICAL DESIGN

The first topology topic discussed is hierarchical network design, which has three layers:

• core layer - routers and switches optimized to carry lots of data and to have high
availability; it acts as the backbone of the network and carries data between sites.
• distribution layer - routers and switches with lower capacity than those in the core layer
that implement policies and connect the access layer to the core layer; they translate
protocols as needed between the other two layers.
• access layer - the layer of switches and wireless access points through which users
connect their stations to the network, as well as the edge routers that connect LANs to
the distribution layer.

NVSU-FR-ICD-05-00 (081220) Page


In accordance with section 185. Fair Use of a Copyrighted Work of Republic Act 8293, the copyrighted works included in this material may be
reproduced for educational purposes only and not for commercial distribution.

An unplanned network may grow by adding more and more switches, which can produce a network
with only one broadcast domain. This means that any broadcast not only reaches every host on
the network, it interrupts each host's processor, wasting time on a message that does not
concern most of them. A hierarchical design avoids this problem by producing subnets that are
separate broadcast domains. Each subnet is a separate module in the network, and more may
be added without causing needless traffic through existing subnets. This design also minimizes
traffic from one router to another, avoiding the traffic that would be caused by all routers talking
to each other constantly.
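
The difference between the flat and the hierarchical case can be computed directly. The following is an added example, not part of the original module: it treats a broadcast domain as the set of devices reachable without crossing a Layer 3 device. The device names, the links, and the assumption that every routed interface is its own subnet are constructed for illustration.

```python
def broadcast_domains(links, l3_devices):
    """Return the broadcast domains as a list of sets of device names.

    links: (a, b) cable pairs. l3_devices: routers or multilayer switches.
    Assumption: every interface on a Layer 3 device is its own subnet, so a
    broadcast is never forwarded through such a device.
    """
    l3 = set(l3_devices)
    nodes = {n for link in links for n in link} - l3
    adj = {n: set() for n in nodes}
    for a, b in links:
        if a in adj and b in adj:        # skip links that end on a Layer 3 device
            adj[a].add(b)
            adj[b].add(a)
    domains, seen = [], set()
    for start in sorted(nodes):
        if start in seen:
            continue
        domain, stack = set(), [start]
        while stack:                     # flood outward, as a switch floods a broadcast
            n = stack.pop()
            if n not in domain:
                domain.add(n)
                stack.extend(adj[n] - domain)
        seen |= domain
        domains.append(domain)
    return domains


def broadcast_reach(links, l3_devices, sender, hosts):
    """Hosts (other than the sender) that must process a broadcast from `sender`."""
    for domain in broadcast_domains(links, l3_devices):
        if sender in domain:
            return sorted((domain & set(hosts)) - {sender})
    return []


# Constructed topologies: six hosts on three access switches.
HOSTS = ["h1", "h2", "h3", "h4", "h5", "h6"]
HOST_LINKS = [("h1", "sw1"), ("h2", "sw1"), ("h3", "sw2"),
              ("h4", "sw2"), ("h5", "sw3"), ("h6", "sw3")]
# Flat: switches daisy-chained as the network grew, no Layer 3 device.
FLAT = HOST_LINKS + [("sw1", "sw2"), ("sw2", "sw3")]
# Hierarchical: each access switch uplinks to a distribution-layer device.
HIER = HOST_LINKS + [("sw1", "dist1"), ("sw2", "dist1"), ("sw3", "dist1")]

if __name__ == "__main__":
    for name, links, l3 in (("flat", FLAT, []), ("hierarchical", HIER, ["dist1"])):
        print(name, len(broadcast_domains(links, l3)), "domain(s);",
              "h1 broadcast reaches", broadcast_reach(links, l3, "h1", HOSTS))
```

In the flat case a broadcast from h1 interrupts all five other hosts; with the distribution device in place it reaches only h2, the other host on the same access switch.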

Enterprise Network Campus Design


An understanding of network scale and knowledge of good structured engineering principles is
recommended when discussing network campus design.

Network Requirements

When discussing network design, it is useful to categorize networks based on the number of devices
serviced:

• Small network: Provides services for up to 200 devices.
• Medium-size network: Provides services for 200 to 1,000 devices.
• Large network: Provides services for 1,000+ devices.

Network designs vary depending on the size and requirements of the organizations. For example, the
networking infrastructure needs of a small organization with fewer devices will be less complex than the
infrastructure of a large organization with a significant number of devices and connections.

There are many variables to consider when designing a network. For instance, consider the example
in Figure 1-1. The sample high-level topology diagram is for a large enterprise network that consists of a
main campus site connecting small, medium, and large sites.

Figure 1-1
Large Enterprise Network Design

Network design is an expanding area and requires a great deal of knowledge and experience.

Structured Engineering Principles

Regardless of network size or requirements, a critical factor for the successful implementation of any
network design is to follow good, structured engineering principles. These principles include:

• Hierarchy: A hierarchical network model is a useful high-level tool for designing a reliable
network infrastructure. It breaks the complex problem of network design into smaller and more
manageable areas.
• Modularity: By separating the various functions that exist on a network into modules, the network
is easier to design. Cisco has identified several modules, including the enterprise campus,
services block, data center, and Internet edge.
• Resiliency: The network must remain available for use under both normal and abnormal
conditions. Normal conditions include normal or expected traffic flows and traffic patterns, as well
as scheduled events such as maintenance windows. Abnormal conditions include hardware or
software failures, extreme traffic loads, unusual traffic patterns, denial-of-service (DoS) events,
whether intentional or unintentional, and other unplanned events.
• Flexibility: The ability to modify portions of the network, add new services, or increase capacity
without going through a major forklift upgrade (i.e., replacing major hardware devices).

To meet these fundamental design goals, a network must be built on a hierarchical network architecture
that allows for both flexibility and growth.

Hierarchical Network Design


This topic discusses the three functional layers of the hierarchical network model: the access, distribution,
and core layers.

Network Hierarchy (1.1.2.1)

Early networks were deployed in a flat topology as shown in Figure 1-2.

Figure 1-2
Flat Switched Network

Hubs and switches were added as more devices needed to be connected. A flat network design provided
little opportunity to control broadcasts or to filter undesirable traffic. As more devices and applications
were added to a flat network, response times degraded, making the network unusable.

A better network design approach was needed. For this reason, organizations now use a hierarchical
network design as shown in Figure 1-3.

Figure 1-3
Hierarchical Network

A hierarchical network design involves dividing the network into discrete layers. Each layer, or tier, in the
hierarchy provides specific functions that define its role within the overall network. This helps the network
designer and architect to optimize and select the right network hardware, software, and features to
perform specific roles for that network layer. Hierarchical models apply to both LAN and WAN design.

The benefit of dividing a flat network into smaller, more manageable blocks is that local traffic remains
local. Only traffic that is destined for other networks is moved to a higher layer. For example, in
Figure 1-3 the flat network has now been divided into three separate broadcast domains.

A typical enterprise hierarchical LAN campus network design includes the following three layers:

• Access layer: Provides workgroup/user access to the network
• Distribution layer: Provides policy-based connectivity and controls the boundary between the
access and core layers
• Core layer: Provides fast transport between distribution switches within the enterprise campus

Another sample three-layer hierarchical network design is displayed in Figure 1-4. Notice that each
building is using the same hierarchical network model that includes the access, distribution, and core
layers.

Figure 1-4

Multi Building Enterprise Network Design

NOTE

There are no absolute rules for the way a campus network is physically built. While it is true that many
campus networks are constructed using three physical tiers of switches, this is not a strict requirement. In
a smaller campus, the network might have two tiers of switches in which the core and distribution
elements are combined in one physical switch. This is referred to as a collapsed core design.

The Access Layer (1.1.2.2)

In a LAN environment, the access layer grants end devices access to the network. In the
WAN environment, it may provide teleworkers or remote sites access to the corporate network across
WAN connections.

As shown in Figure 1-5, the access layer for a small business network generally incorporates Layer 2
switches and access points providing connectivity between workstations and servers.

Figure 1-5
Access Layer

The access layer serves a number of functions, including:

• Layer 2 switching
• High availability
• Port security
• QoS classification and marking and trust boundaries
• Address Resolution Protocol (ARP) inspection
• Virtual access control lists (VACLs)
• Spanning tree
• Power over Ethernet (PoE) and auxiliary VLANs for VoIP

The Distribution Layer (1.1.2.3)

The distribution layer aggregates the data received from the access layer switches before it is
transmitted to the core layer for routing to its destination. In Figure 1-6, the distribution layer is the
boundary between the Layer 2 domains and the Layer 3 routed network.

Figure 1-6
Distribution Layer

The distribution layer device is the focal point in the wiring closets. Either a router or a multilayer switch is
used to segment workgroups and isolate network problems in a campus environment.

A distribution layer switch may provide upstream services for many access layer switches.

The distribution layer can provide:

• Aggregation of LAN or WAN links.
• Policy-based security in the form of access control lists (ACLs) and filtering.
• Routing services between LANs and VLANs and between routing domains (e.g., EIGRP to
OSPF).
• Redundancy and load balancing.
• A boundary for route aggregation and summarization configured on interfaces toward the core
layer.
• Broadcast domain control, because routers or multilayer switches do not forward broadcasts. The
device acts as the demarcation point between broadcast domains.

The Core Layer

The core layer is also referred to as the network backbone.


The core layer consists of high-speed network devices such
as the Cisco Catalyst 6500 or 6800. These are designed to
switch packets as fast as possible and interconnect multiple
campus components, such as distribution modules, service
modules, the data center, and the WAN edge.

As shown in Figure 1-7, the core layer is critical for interconnectivity between distribution layer
devices (for example, interconnecting the distribution block to the WAN and Internet edge).

The core should be highly available and redundant. The core aggregates the traffic from all the
distribution layer devices, so it must be capable of forwarding large amounts of data quickly.

Figure 1-7
Core Layer

Considerations at the core layer include:

• Providing high-speed switching (i.e., fast transport)
• Providing reliability and fault tolerance
• Scaling by using faster, and not more, equipment
• Avoiding CPU-intensive packet manipulation caused by security, inspection, quality of service
(QoS) classification, or other processes

Two-Tier Collapsed Core Design

The three-tier hierarchical design maximizes performance, network availability, and the ability to scale
the network design.

However, many small enterprise networks do not grow significantly larger over time. Therefore, a two-tier
hierarchical design where the core and distribution layers are collapsed into one layer is often more
practical. A “collapsed core” is when the distribution layer and core layer functions are implemented by a
single device. The primary motivation for the collapsed core design is reducing network cost, while
maintaining most of the benefits of the three-tier hierarchical model.

The example in Figure 1-8 has collapsed the distribution layer and core layer functionality into multilayer
switch devices.

Figure 1-8 
Two-Tier Hierarchical Design

The hierarchical network model provides a modular framework that allows flexibility in network design and
facilitates ease of implementation and troubleshooting.

Virtual LANs

The text defines a bandwidth domain as any set of devices that share bandwidth or compete for access
to it. In a classic wired Ethernet, there was one bandwidth domain, because all devices on that LAN
competed for access with each other. In an Ethernet with switches, the text tells us that each device
that is wired to a switch is on its own bandwidth domain, but this is a little specious, since there is
no point in communicating only with the switch.

The text also defines a broadcast domain as the set of devices that can receive each other's broadcast
frames. This is a better definition than we usually see. We are reminded (or told, if we did not know)
that the broadcast address for layer 2 is a MAC address that is all Fs: FF:FF:FF:FF:FF:FF.

The text turns a corner and steers toward VLANs. Users anywhere on your network can be made
members of a common Virtual LAN, which lets them communicate as easily as if they were on the same
LAN. This was the original use of VLANs. They are not often used for this purpose any longer. Usually,
VLANs are used, as the text says, to make a large switch act as though it was really several switches,
so that it can be used to separate groups of ports into different VLANs. This has the benefit of having
each VLAN act as a separate broadcast domain, minimizing broadcast intrusions for all devices plugged
into ports on that switch. A virtual router on the switch connects the separate VLANs the same way a real
router would.

As you might imagine from the description of VLAN users being anywhere in your network, a VLAN can
exist on specific ports of multiple switches. When this is done, the connections between the switches that
contain the parts of a VLAN are called trunks or trunk links. Frames traveling from one such switch to
another are given a header identifying the VLAN they belong to. The header is called a VLAN tag. As the
illustration on page 144 shows, we can place multiple VLANs on a switch, and they can all span to other
switches across trunk links.
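
To make the VLAN tag concrete, the following added example (not part of the original module or the text it summarizes) parses the tag from frames seen on a trunk, counts broadcasts per VLAN, and reports VLAN IDs that are not expected on that link. It assumes the standard IEEE 802.1Q tag format, which the module does not name; the MAC addresses, VLAN numbers and sample frames are constructed.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q VLAN tag
BROADCAST = b"\xff" * 6      # FF:FF:FF:FF:FF:FF


def parse_frame(frame: bytes) -> dict:
    """Parse the Ethernet header and, if present, one 802.1Q VLAN tag."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan = tci >> 13, tci & 0x0FFF
    return {
        "dst": dst.hex(":").upper(),
        "src": src.hex(":").upper(),
        "vlan": vlan,                      # None means the frame was untagged
        "pcp": pcp,
        "ethertype": ethertype,
        "is_broadcast": dst == BROADCAST,
    }


def build_frame(dst, src, ethertype, vlan=None, pcp=0, payload=b""):
    """Build a constructed test frame; MACs are given as 12 hex digits."""
    head = bytes.fromhex(dst) + bytes.fromhex(src)
    if vlan is not None:
        head += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return head + struct.pack("!H", ethertype) + payload


def broadcasts_per_vlan(frames):
    """Count broadcast frames per VLAN ID (key None = untagged)."""
    parsed = (parse_frame(f) for f in frames)
    return dict(Counter(p["vlan"] for p in parsed if p["is_broadcast"]))


def unexpected_vlans(frames, allowed):
    """Return tagged VLAN IDs seen on the trunk that are not in `allowed`."""
    seen = {parse_frame(f)["vlan"] for f in frames}
    return sorted(v for v in seen if v is not None and v not in allowed)


# Constructed sample capture from a hypothetical trunk link.
SAMPLE = [
    build_frame("ffffffffffff", "02000000000a", 0x0806, vlan=10),         # ARP broadcast
    build_frame("02000000000b", "02000000000c", 0x0800, vlan=20, pcp=5),  # IPv4 unicast
    build_frame("ffffffffffff", "02000000000d", 0x0806, vlan=10),         # ARP broadcast
    build_frame("02000000000e", "02000000000f", 0x0800, vlan=99),         # VLAN not planned here
    build_frame("02000000000a", "02000000000b", 0x0800),                  # untagged
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(parse_frame(f))
    print("broadcasts per VLAN:", broadcasts_per_vlan(SAMPLE))
    print("unexpected VLANs:", unexpected_vlans(SAMPLE, {10, 20}))
```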

Wireless LANs

The text offers some general advice about placing wireless access points, and positioning antennas. The
text mentions that most WAP antennas are isotropic antennas, also called omnidirectional antennas.
This means that they should radiate signals in a spherical pattern, equally in all directions. The reality is
that the patterns are not perfect spheres. Think of an antenna as a stick that points up. Think of the signal
as a disk with a hole in its center that the antenna has been pushed through. The strongest signal coming
from such an antenna will radiate like a disk that is centered on the antenna. If the antenna is mounted
vertically, the plane of that disk will be strongest horizontally. 

The text also mentions that mobile devices like cell phones and laptops have a variety of antenna types
and alignments. It mentions that the antennas of those devices may be large or small, and may be
oriented in any direction. The text suggests that a given WAP may offer connections to too many wireless
devices if the WAP's signal is too strong. It recommends that we may want to reduce signal strength to
limit the operating distance, which will limit the number of stations that can connect, which may improve
the user experience of those who can connect.

The text also recommends that when we set up multiple WAPs on a campus, we should make all wireless
users members of a particular VLAN, which will simplify subnet addressing for those devices, and may
provide an advantage when roaming from one wireless cell to another.

The text also recommends redundant WAPs when high availability is desired. When using Cisco
equipment, the second WAP in each pair would be placed in Hot Standby mode, which monitors the
primary WAP in the pair, and causes the standby WAP to take over if the primary WAP fails.

Redundancy and Load Sharing

The text discussed redundant switches and the Spanning Tree Protocol, which controls which switch is
active in a redundant situation. It tells us here that this solution does not support load sharing. It
recommends a newer protocol from Cisco, Per VLAN Spanning Tree+ (PVST+), which constructs a separate
logical tree for every VLAN.

Note that each switch holds elements of two VLANs, and each switch is linked to both switches in the
hierarchical layer above it.

Server redundancy

The text lists several kinds of servers that should be considered for redundancy:

• file servers
• web servers
• DHCP servers - The text reminds us that DHCP requests are broadcast requests. If your DHCP
server serves more than one network or subnet, you must configure appropriate routers to
forward this kind of traffic.
• name servers - Servers for DNS, WINS, and NetBIOS Name Service (NBNS).
• database servers

Workstation to router redundancy

Workstations will typically need access to routers for any information not on their own networks. Routers,
like other devices, go down from time to time, so redundant routers are recommended.

The text ponders how the workstations will find the redundant routers once their default routers are
down. It describes the use of the Router Discovery Protocol (RDP), which causes routers to multicast
their addresses and services every 7 to 10 minutes.

This is a Cisco book, so it offers a Cisco-specific solution to default gateway failure. Hot Standby
Router Protocol (HSRP) is explained as a protocol that allows for a primary and a backup router, both of
which would act on requests sent to a virtual router (also called a phantom router), whose IP address
and MAC address would be delivered as the default router for a network by a DHCP server.

Designing the enterprise edge

The text suggests that we should have some redundant connections to our WAN links that are actually
redundant. We are warned that we should ask for circuit diversity from our data carriers, so that a
backup circuit is actually different from our primary connection to their data service. It would not do any
good to have a backup system that is taken down by the same threats that could take down our primary
system.

The text presents some terms you may know, but uses some in different ways than you might know:

• multihoming - the practice of providing multiple routes to the Internet
• default route, gateway of last resort - the router to use when no other router is specified
• best route - the most efficient and fastest route to a destination, which the text warns us we
cannot expect over the Internet due to the fact that Border Gateway Protocol (BGP) does not offer a
feature to choose such routes

Virtual Private Networking

You probably know that VPNs are used to make secure connections over the Internet, over leased data
lines, and over regular network lines. The text provides some background on VPN functions. It mentions
that VPNs often use tunneling, the practice of encapsulating packets in other kinds of packets so they
can pass across a network that does not understand their native packet type.
